f33c7c73bd
This patch eliminates the thread ID portion of the 'Native_capability' type. The access to entrypoints is now exclusively handled by passing socket descriptors over Unix domain sockets and by inheriting the socket descriptor of the parent entrypoint at process-creation time. Each entrypoint creates a socket pair. The server-side socket is bound to a unique name defined by the server. The client-side socket is then connected to the same name. Whereas the server-side socket is meant to be exclusively used by the server to wait for incoming requests, the client-side socket can be delegated to other processes as payload of RPC messages (via SCM rights). Anyone who receives a capability over RPC receives the client-side socket of the entrypoint to which the capability refers. Given this socket descriptor, the unique name (as defined by the server) can be requested using 'getpeername'. Using this name, it is possible to compare socket descriptors, which is important to avoid duplicates from polluting the limited socket-descriptor name space. Whereas this patch introduces capability-based delegation of access rights to entrypoints, it does not cover the protection of the integrity of RPC objects. RPC objects are still referenced by a global ID passed as normal message payload, so a receiver cannot distinguish a forged ID from a legitimately delegated one.
/*
* \brief Linux-specific layout of IPC message buffer
* \author Norman Feske
* \date 2006-06-14
*/
/*
* Copyright (C) 2006-2012 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU General Public License version 2.
*/
#ifndef _INCLUDE__BASE__IPC_MSGBUF_H_
#define _INCLUDE__BASE__IPC_MSGBUF_H_
namespace Genode {
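/**
 * IPC message buffer layout
 *
 * A message has two parts: up to MAX_CAPS_PER_MSG capabilities, held as
 * plain file-descriptor numbers in '_caps', and a plain-data payload that
 * lives in the 'buf' array of the derived 'Msgbuf' template. Only the
 * descriptor part is delegated as a kernel-mediated capability (SCM
 * rights, see the commit description); the payload is ordinary bytes and
 * is neither authenticated nor integrity-protected here. Per the commit
 * description, RPC-object IDs still travel in that unprotected payload.
 *
 * The class carries no destructor on purpose: it does not own the
 * descriptors it records and never closes them. Whoever receives a
 * descriptor over a socket is responsible for closing it again.
 *
 * Member order is part of the contract. 'addr()' returns the address of
 * the trailing zero-length '_msg_start' array, which is meant to coincide
 * with the derived class's 'buf'. That relies on the compiler placing the
 * derived member directly after the base subobject (a layout property,
 * not a language guarantee), so no data member may be added after
 * '_msg_start'.
 */
class Msgbuf_base
{
	public:

		enum { MAX_CAPS_PER_MSG = 8 };

	protected:

		/*
		 * Capabilities (file descriptors) to be transferred
		 *
		 * Values are stored verbatim, nothing is validated here.
		 */
		int _caps[MAX_CAPS_PER_MSG];

		/* number of '_caps' slots in use */
		Genode::size_t _used_caps;

		/* read cursor used by 'read_cap()' */
		Genode::size_t _read_cap_index;

		/**
		 * Maximum size of plain-data message payload
		 *
		 * Set by the derived 'Msgbuf' template to its buffer size.
		 */
		Genode::size_t _size;

		/**
		 * Actual size of plain-data message payload
		 */
		Genode::size_t _used_size;

		char _msg_start[]; /* symbol marks start of message buffer data */

		/*
		 * No member variables are allowed beyond this point!
		 */

	public:

		char buf[];

		/**
		 * Constructor
		 *
		 * Starts with an empty capability list and an empty payload.
		 * '_size' and '_used_size' are explicitly zeroed (they were
		 * previously left uninitialized), so a buffer whose derived
		 * class has not yet run never advertises payload space it does
		 * not have.
		 */
		Msgbuf_base() : _size(0), _used_size(0) { reset_caps(); }

		/**
		 * Return size of message buffer
		 *
		 * This is the capacity of the plain-data payload, not the
		 * number of bytes currently used.
		 */
		inline Genode::size_t size() const { return _size; }

		/**
		 * Return address of message buffer
		 *
		 * Points at '_msg_start', i.e., where the derived class's
		 * payload array is expected to begin.
		 */
		inline void *addr() { return &_msg_start[0]; }

		/**
		 * Forget all recorded capabilities and rewind the read cursor
		 *
		 * The descriptors themselves are not closed.
		 */
		void reset_caps() { _used_caps = 0; _read_cap_index = 0; }

		/**
		 * Append capability (file descriptor) to the message
		 *
		 * \return false if the message already holds MAX_CAPS_PER_MSG
		 *         capabilities; 'cap' is then NOT recorded
		 *
		 * Callers must check the result. A silently dropped descriptor
		 * would shorten the delegation with no indication to the
		 * receiver, whose 'read_cap()' would simply return -1 early.
		 * The value is not validated: appending a negative 'cap' makes
		 * it indistinguishable from the end-of-list marker returned by
		 * 'read_cap()'.
		 */
		bool append_cap(int cap)
		{
			if (_used_caps == MAX_CAPS_PER_MSG)
				return false;

			_caps[_used_caps++] = cap;
			return true;
		}

		/**
		 * Return next capability and advance the read cursor
		 *
		 * \return descriptor, or -1 once every recorded capability
		 *         has been read
		 */
		int read_cap()
		{
			if (_read_cap_index == _used_caps)
				return -1;

			return _caps[_read_cap_index++];
		}

		/**
		 * Return number of capabilities recorded in the message
		 */
		size_t used_caps() const { return _used_caps; }

		/**
		 * Return capability at 'index' without moving the read cursor
		 *
		 * \return descriptor, or -1 if 'index' is out of range
		 */
		int cap(unsigned index) const
		{
			return index < _used_caps ? _caps[index] : -1;
		}
};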
/**
 * Pump up IPC message buffer to specified buffer size
 *
 * \param BUF_SIZE  capacity of the plain-data payload in bytes
 *
 * 'buf' is the only data member, so it is laid out right after the
 * 'Msgbuf_base' subobject; 'Msgbuf_base::addr()' (the address of the
 * base's trailing '_msg_start') is intended to refer to this array.
 * Whether the two addresses coincide is a compiler-layout property
 * rather than a language guarantee -- TODO confirm for each toolchain.
 * Note that this 'buf' hides 'Msgbuf_base::buf'.
 */
template <unsigned BUF_SIZE>
class Msgbuf : public Msgbuf_base
{
	public:

		char buf[BUF_SIZE];

		/* advertise the real payload capacity to the base class */
		Msgbuf() { _size = BUF_SIZE; }
};
}
#endif /* _INCLUDE__BASE__IPC_MSGBUF_H_ */